A deep dive into the SBOM format SPDX with Kate Stewart and Gary O'Neall

Nerding Out With Viktor

We Have The Receipts

1
Battle Camp: Final 5 Episodes with Dana Moon + Interview with the Winner! 1:03:29

לפני 1 day1:03:29

הפעל מאוחר יותר

רשימות

לייק

אהבתי

1:03:29

Finally, we find out who is unbeatable, unhateable, and unbreakable in the final five episodes of Battle Camp Season One. Host Chris Burns is joined by the multi-talented comedian Dana Moon to relive the cockroach mac & cheese, Trey’s drag debut, and the final wheel spin. The Season One Winner joins Chris to debrief on strategy and dish on game play. Leave us a voice message at www.speakpipe.com/WeHaveTheReceipts Text us at (929) 487-3621 DM Chris @FatCarrieBradshaw on Instagram Follow We Have The Receipts wherever you listen, so you never miss an episode. Listen to more from Netflix Podcasts.…

לפני שנה 50:14

MP4•בית הפרקים

תוכן מסופק על ידי Viktor Petersson. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Viktor Petersson או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.

In this episode of "Nerding Out with Viktor," Kate Stewart from the Linux Foundation and Gary O'Neall, a long-time SPDX contributor, join Viktor to explore the evolution and impact of SPDX (Systems Package Data Exchange) in software transparency. The conversation traces SPDX's journey from its origins in license compliance to its current pivotal role in security and vulnerability tracking, revealing how this open standard is shaping modern software development practices.

Kate and Gary provide deep technical insights into the challenges teams face when generating accurate Software Bills of Materials (SBOMs), including complex scenarios involving circular dependencies and component uncertainty. Through practical examples from their work with various organizations, they demonstrate how these real-world challenges have influenced the development of SPDX tools and specifications.

The discussion delves into current initiatives for integrating SBOM generation into build systems, with specific focus on implementations in the Zephyr and Yocto projects. They also explore ongoing efforts to implement build-time SBOM generation for the Linux kernel, highlighting both the technical approach and practical benefits for development teams.

Viktor, Kate, and Gary examine the growing regulatory requirements surrounding SBOMs, particularly in safety-critical systems, and how SPDX 3.0 is being designed to meet these demands while supporting modern CI/CD pipelines. The conversation illuminates the technical considerations behind maintaining compatibility with existing tools while expanding functionality for new use cases. As an open, community-driven project, SPDX continues to evolve with industry needs, offering solutions for compliance, security vulnerabilities, and supply chain transparency in modern software development workflows.

]]>

35 פרקים

#Tech #Viktor Petersson